From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stephen Samuel
Subject: Re: LOG target for rate-limiting on iptables not working...?
Date: Thu, 02 Mar 2006 16:55:17 -0800
Message-ID: <440793F5.2060707@bcgreen.com>
References: <33006.10.0.0.113.1141342014.squirrel@webmail.surefoot.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: 
In-reply-to: <33006.10.0.0.113.1141342014.squirrel@webmail.surefoot.com>
Sender: linux-admin-owner@vger.kernel.org
List-Id: 
Content-Type: text/plain; charset="us-ascii"; format="flowed"
To: Jens Knoell
Cc: linux-admin@vger.kernel.org

I usually just have a rule like logreject:

$FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j LogReject1

# RULE: Logreject:
$FW -N LogReject1
$FW -A LogReject1 -j LOG --log-level warn --log-prefix "RLIMIT[POP3]: "
$FW -A LogReject1 -j REJECT

Jens Knoell wrote:
>I've rate-limited the incoming connections to some ports. The rate
>limiting works, but it doesn't log to syslog... other non-rate-limiting
>rules where LOG targets exist work, so I know logging in principle works.
>What am I missing? No LOG target for this module? :)
>
>Rule:
>
># POP3 (max 5 per minute)
>
>$FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent
>--set
>
>$FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent
>--update --seconds 60 --hitcount 5 -j LOG --log-level warn --log-prefix
>"RLIMIT[POP3]: "
>
>$FW -I INPUT -p tcp --dport 110 -i eth0 -m state --state NEW -m recent
>--update --seconds 60 --hitcount 5 -j REJECT
>
>Also, is there any advantage to use DROP instead of REJECT? Just
>curious.

-- 
Stephen Samuel +1(604)450-0066 samnospam@bcgreen.com
http://www.bcgreen.com/
Powerful committed communication. Transformation touching the jewel within each person and bringing it to light.
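An added worked example, not code from either message above. Assuming $FW in the thread expands to iptables, the quoted rules fail to log for a reason that is easy to miss: -I inserts at the head of the chain, so three -I commands leave the rules in reverse order, with REJECT on top. REJECT is a terminating target and LOG is not, so the fifth connection is rejected before the LOG rule is ever reached. The script below builds the same POP3 limit with -A (append, in the order written), puts LOG ahead of REJECT in a dedicated chain, and rate-limits the log line itself so a flood cannot fill syslog. The chain name RLIMIT_POP3, the recent-list name pop3 and the `apply` argument are labels chosen for this example; it assumes a Linux host with iptables-restore and the recent, state, limit and LOG modules.

```shell
#!/bin/sh
# Added example, not code from the thread: a POP3 connection rate limit with
# -m recent that logs the excess and then rejects it. Assumes a Linux box with
# iptables/iptables-restore and the recent, state, limit and LOG modules;
# the chain name RLIMIT_POP3 and the list name pop3 are labels chosen here.
#
# Two details the rules in the thread get wrong:
#   * -I inserts at the head of the chain, so rules issued with -I end up in
#     reverse order; -A appends in the order written.
#   * LOG is a non-terminating target, so it must sit before REJECT/DROP,
#     otherwise the packet is gone before it is ever logged.

# Print the ruleset in iptables-restore format (nothing is applied).
emit_rules() {
  cat <<'EOF'
*filter
:RLIMIT_POP3 - [0:0]
# Record the source of every new POP3 connection in the "pop3" list.
-A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW -m recent --name pop3 --set
# 5 or more new connections from one source within 60 s: hand off to the limit chain.
# --update (rather than --rcheck) refreshes the timestamp, so a source that keeps hammering stays limited.
-A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW -m recent --name pop3 --update --seconds 60 --hitcount 5 -j RLIMIT_POP3
# Log first (LOG does not terminate), then reject. -m limit keeps an attacker from flooding syslog.
-A RLIMIT_POP3 -m limit --limit 6/min --limit-burst 10 -j LOG --log-level warn --log-prefix "RLIMIT[POP3]: "
# tcp-reset fails the client fast; plain DROP would leave it hanging until it times out.
-A RLIMIT_POP3 -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

# Line number of the first rule in chain $1 that jumps to target $2, or empty
# if there is none. Lets the ordering be checked before anything is loaded.
rule_pos() {
  emit_rules | grep -n -- "^-A $1 .*-j $2" | head -n 1 | cut -d: -f1
}

# Load the rules atomically. -n (--noflush) leaves existing rules alone, so
# running this twice appends the rules twice; review with emit_rules first.
apply_rules() {
  emit_rules | iptables-restore -n
}

case "${1:-show}" in
  apply) apply_rules ;;
  *)     emit_rules ;;
esac
```

Run it with no arguments to review the ruleset, and with `apply` as root to load it. On the DROP versus REJECT question raised in the quoted message: REJECT (here with a TCP RST) tells the client immediately that the port is closed, which is friendlier to legitimate mail clients that have simply polled too often; DROP sends nothing back, so the client waits out its own timeout, and an attacker learns less about the host. Either way the decision is visible in the log only because LOG comes first in the chain.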